1 //==========================================================================
3 // src/sys/netinet/ip_output.c
5 //==========================================================================
6 //####BSDCOPYRIGHTBEGIN####
8 // -------------------------------------------
10 // Portions of this software may have been derived from OpenBSD,
11 // FreeBSD or other sources, and are covered by the appropriate
12 // copyright disclaimers included herein.
14 // Portions created by Red Hat are
15 // Copyright (C) 2002 Red Hat, Inc. All Rights Reserved.
17 // -------------------------------------------
19 //####BSDCOPYRIGHTEND####
20 //==========================================================================
23 * Copyright (c) 1982, 1986, 1988, 1990, 1993
24 * The Regents of the University of California. All rights reserved.
26 * Redistribution and use in source and binary forms, with or without
27 * modification, are permitted provided that the following conditions
29 * 1. Redistributions of source code must retain the above copyright
30 * notice, this list of conditions and the following disclaimer.
31 * 2. Redistributions in binary form must reproduce the above copyright
32 * notice, this list of conditions and the following disclaimer in the
33 * documentation and/or other materials provided with the distribution.
34 * 3. All advertising materials mentioning features or use of this software
35 * must display the following acknowledgement:
36 * This product includes software developed by the University of
37 * California, Berkeley and its contributors.
38 * 4. Neither the name of the University nor the names of its contributors
39 * may be used to endorse or promote products derived from this software
40 * without specific prior written permission.
42 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
43 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
44 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
45 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
46 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
47 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
48 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
49 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
50 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
51 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
54 * @(#)ip_output.c 8.3 (Berkeley) 1/21/94
55 * $FreeBSD: src/sys/netinet/ip_output.c,v 1.99.2.16 2001/07/19 06:37:26 kris Exp $
60 #include <sys/param.h>
61 #include <sys/malloc.h>
63 #include <sys/protosw.h>
64 #include <sys/socket.h>
65 #include <sys/socketvar.h>
68 #include <net/route.h>
70 #include <netinet/in.h>
71 #include <netinet/in_systm.h>
72 #include <netinet/ip.h>
73 #include <netinet/in_pcb.h>
74 #include <netinet/in_var.h>
75 #include <netinet/ip_var.h>
78 #include <netinet6/ipsec.h>
79 #include <netkey/key.h>
81 #include <netkey/key_debug.h>
83 #define KEYDEBUG(lev,arg)
87 #include <netinet/ip_fw.h>
90 #include <netinet/ip_dummynet.h>
93 #ifdef IPFIREWALL_FORWARD_DEBUG
94 #define print_ip(a) printf("%ld.%ld.%ld.%ld",(ntohl(a.s_addr)>>24)&0xFF,\
95 (ntohl(a.s_addr)>>16)&0xFF,\
96 (ntohl(a.s_addr)>>8)&0xFF,\
97 (ntohl(a.s_addr))&0xFF);
102 static struct mbuf *ip_insertoptions __P((struct mbuf *, struct mbuf *, int *));
103 static struct ifnet *ip_multicast_if __P((struct in_addr *, int *));
104 static void ip_mloopback
105 __P((struct ifnet *, struct mbuf *, struct sockaddr_in *, int));
106 static int ip_getmoptions
107 __P((struct sockopt *, struct ip_moptions *));
108 static int ip_pcbopts __P((int, struct mbuf **, struct mbuf *));
109 static int ip_setmoptions
110 __P((struct sockopt *, struct ip_moptions **));
112 int ip_optcopy __P((struct ip *, struct ip *));
113 extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
116 extern struct protosw inetsw[];
119 * IP output. The packet in mbuf chain m contains a skeletal IP
120 * header (with len, off, ttl, proto, tos, src, dst).
121 * The mbuf chain containing the packet will be freed.
122 * The mbuf opt, if present, will not be freed.
125 ip_output(m0, opt, ro, flags, imo)
130 struct ip_moptions *imo;
132 struct ip *ip, *mhip;
135 int hlen = sizeof (struct ip);
136 int len=0, off, error = 0;
137 struct sockaddr_in *dst;
138 struct in_ifaddr *ia = NULL;
139 int isbroadcast, sw_csum;
141 struct route iproute;
142 struct socket *so = NULL;
143 struct secpolicy *sp = NULL;
145 u_int16_t divert_cookie; /* firewall cookie */
146 #ifdef IPFIREWALL_FORWARD
147 int fwd_rewrite_src = 0;
149 struct ip_fw_chain *rule = NULL;
152 /* Get and reset firewall cookie */
153 divert_cookie = ip_divert_cookie;
154 ip_divert_cookie = 0;
159 #if defined(IPFIREWALL) && defined(DUMMYNET)
161 * dummynet packet are prepended a vestigial mbuf with
162 * m_type = MT_DUMMYNET and m_data pointing to the matching
165 if (m->m_type == MT_DUMMYNET) {
167 * the packet was already tagged, so part of the
168 * processing was already done, and we need to go down.
169 * Get parameters from the header.
171 rule = (struct ip_fw_chain *)(m->m_data) ;
173 ro = & ( ((struct dn_pkt *)m)->ro ) ;
175 dst = ((struct dn_pkt *)m)->dn_dst ;
176 ifp = ((struct dn_pkt *)m)->ifp ;
177 flags = ((struct dn_pkt *)m)->flags ;
181 so = ipsec_getsocket(m);
182 (void)ipsec_setsocket(m, NULL);
184 ip = mtod(m, struct ip *);
185 hlen = IP_VHL_HL(ip->ip_vhl) << 2 ;
186 if (ro->ro_rt != NULL)
187 ia = (struct in_ifaddr *)ro->ro_rt->rt_ifa;
193 so = ipsec_getsocket(m);
194 (void)ipsec_setsocket(m, NULL);
198 if ((m->m_flags & M_PKTHDR) == 0)
199 panic("ip_output no HDR");
201 panic("ip_output no route, proto = %d",
202 mtod(m, struct ip *)->ip_p);
205 m = ip_insertoptions(m, opt, &len);
208 ip = mtod(m, struct ip *);
212 if ((flags & (IP_FORWARDING|IP_RAWOUTPUT)) == 0) {
213 ip->ip_vhl = IP_MAKE_VHL(IPVERSION, hlen >> 2);
216 ip->ip_id = ip_randomid();
218 ip->ip_id = htons(ip_id++);
220 ipstat.ips_localout++;
222 hlen = IP_VHL_HL(ip->ip_vhl) << 2;
225 dst = (struct sockaddr_in *)&ro->ro_dst;
227 * If there is a cached route,
228 * check that it is to the same destination
229 * and is still up. If not, free it and try again.
231 if (ro->ro_rt && ((ro->ro_rt->rt_flags & RTF_UP) == 0 ||
232 dst->sin_addr.s_addr != ip->ip_dst.s_addr)) {
234 ro->ro_rt = (struct rtentry *)0;
236 if (ro->ro_rt == 0) {
237 dst->sin_family = AF_INET;
238 dst->sin_len = sizeof(*dst);
239 dst->sin_addr = ip->ip_dst;
242 * If routing to interface only,
243 * short circuit routing lookup.
245 #define ifatoia(ifa) ((struct in_ifaddr *)(ifa))
246 #define sintosa(sin) ((struct sockaddr *)(sin))
247 if (flags & IP_ROUTETOIF) {
248 if ((ia = ifatoia(ifa_ifwithdstaddr(sintosa(dst)))) == 0 &&
249 (ia = ifatoia(ifa_ifwithnet(sintosa(dst)))) == 0) {
250 ipstat.ips_noroute++;
256 isbroadcast = in_broadcast(dst->sin_addr, ifp);
259 * If this is the case, we probably don't want to allocate
260 * a protocol-cloned route since we didn't get one from the
261 * ULP. This lets TCP do its thing, while not burdening
262 * forwarding or ICMP with the overhead of cloning a route.
263 * Of course, we still want to do any cloning requested by
264 * the link layer, as this is probably required in all cases
265 * for correct operation (as it is for ARP).
268 rtalloc_ign(ro, RTF_PRCLONING);
269 if (ro->ro_rt == 0) {
270 ipstat.ips_noroute++;
271 error = EHOSTUNREACH;
274 ia = ifatoia(ro->ro_rt->rt_ifa);
275 ifp = ro->ro_rt->rt_ifp;
277 if (ro->ro_rt->rt_flags & RTF_GATEWAY)
278 dst = (struct sockaddr_in *)ro->ro_rt->rt_gateway;
279 if (ro->ro_rt->rt_flags & RTF_HOST)
280 isbroadcast = (ro->ro_rt->rt_flags & RTF_BROADCAST);
282 isbroadcast = in_broadcast(dst->sin_addr, ifp);
284 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
285 struct in_multi *inm;
287 m->m_flags |= M_MCAST;
289 * IP destination address is multicast. Make sure "dst"
290 * still points to the address in "ro". (It may have been
291 * changed to point to a gateway address, above.)
293 dst = (struct sockaddr_in *)&ro->ro_dst;
295 * See if the caller provided any multicast options
298 ip->ip_ttl = imo->imo_multicast_ttl;
299 if (imo->imo_multicast_ifp != NULL)
300 ifp = imo->imo_multicast_ifp;
301 if (imo->imo_multicast_vif != -1)
303 ip_mcast_src(imo->imo_multicast_vif);
305 ip->ip_ttl = IP_DEFAULT_MULTICAST_TTL;
307 * Confirm that the outgoing interface supports multicast.
309 if ((imo == NULL) || (imo->imo_multicast_vif == -1)) {
310 if ((ifp->if_flags & IFF_MULTICAST) == 0) {
311 ipstat.ips_noroute++;
317 * If source address not specified yet, use address
318 * of outgoing interface.
320 if (ip->ip_src.s_addr == INADDR_ANY) {
321 register struct in_ifaddr *ia1;
323 TAILQ_FOREACH(ia1, &in_ifaddrhead, ia_link)
324 if (ia1->ia_ifp == ifp) {
325 ip->ip_src = IA_SIN(ia1)->sin_addr;
330 IN_LOOKUP_MULTI(ip->ip_dst, ifp, inm);
332 (imo == NULL || imo->imo_multicast_loop)) {
334 * If we belong to the destination multicast group
335 * on the outgoing interface, and the caller did not
336 * forbid loopback, loop back a copy.
338 ip_mloopback(ifp, m, dst, hlen);
342 * If we are acting as a multicast router, perform
343 * multicast forwarding as if the packet had just
344 * arrived on the interface to which we are about
345 * to send. The multicast forwarding function
346 * recursively calls this function, using the
347 * IP_FORWARDING flag to prevent infinite recursion.
349 * Multicasts that are looped back by ip_mloopback(),
350 * above, will be forwarded by the ip_input() routine,
353 if (ip_mrouter && (flags & IP_FORWARDING) == 0) {
355 * Check if rsvp daemon is running. If not, don't
356 * set ip_moptions. This ensures that the packet
357 * is multicast and not just sent down one link
358 * as prescribed by rsvpd.
362 if (ip_mforward(ip, ifp, m, imo) != 0) {
370 * Multicasts with a time-to-live of zero may be looped-
371 * back, above, but must not be transmitted on a network.
372 * Also, multicasts addressed to the loopback interface
373 * are not sent -- the above call to ip_mloopback() will
374 * loop back a copy if this host actually belongs to the
375 * destination group on the loopback interface.
377 if (ip->ip_ttl == 0 || ifp->if_flags & IFF_LOOPBACK) {
386 * If source address not specified yet, use address
387 * of outgoing interface.
389 if (ip->ip_src.s_addr == INADDR_ANY) {
390 ip->ip_src = IA_SIN(ia)->sin_addr;
391 #ifdef IPFIREWALL_FORWARD
392 /* Keep note that we did this - if the firewall changes
393 * the next-hop, our interface may change, changing the
394 * default source IP. It's a shame so much effort happens
398 #endif /* IPFIREWALL_FORWARD */
403 * disable packet drop hack.
404 * packetdrop should be done by queueing.
408 * Verify that we have any chance at all of being able to queue
409 * the packet or packet fragments
411 if ((ifp->if_snd.ifq_len + ip->ip_len / ifp->if_mtu + 1) >=
412 ifp->if_snd.ifq_maxlen) {
419 * Look for broadcast address and
420 * and verify user is allowed to send
424 if ((ifp->if_flags & IFF_BROADCAST) == 0) {
425 error = EADDRNOTAVAIL;
428 if ((flags & IP_ALLOWBROADCAST) == 0) {
432 /* don't allow broadcast messages to be fragmented */
433 if ((u_short)ip->ip_len > ifp->if_mtu) {
437 m->m_flags |= M_BCAST;
439 m->m_flags &= ~M_BCAST;
444 /* get SP for this packet */
446 sp = ipsec4_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, flags, &error);
448 sp = ipsec4_getpolicybysock(m, IPSEC_DIR_OUTBOUND, so, &error);
451 ipsecstat.out_inval++;
458 switch (sp->policy) {
459 case IPSEC_POLICY_DISCARD:
461 * This packet is just discarded.
463 ipsecstat.out_polvio++;
466 case IPSEC_POLICY_BYPASS:
467 case IPSEC_POLICY_NONE:
468 /* no need to do IPsec. */
471 case IPSEC_POLICY_IPSEC:
472 if (sp->req == NULL) {
473 /* acquire a policy */
474 error = key_spdacquire(sp);
479 case IPSEC_POLICY_ENTRUST:
481 printf("ip_output: Invalid policy found. %d\n", sp->policy);
484 struct ipsec_output_state state;
485 bzero(&state, sizeof(state));
487 if (flags & IP_ROUTETOIF) {
489 bzero(&iproute, sizeof(iproute));
492 state.dst = (struct sockaddr *)dst;
498 * delayed checksums are not currently compatible with IPsec
500 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
502 m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
508 error = ipsec4_output(&state, sp, flags);
511 if (flags & IP_ROUTETOIF) {
513 * if we have tunnel mode SA, we may need to ignore
516 if (state.ro != &iproute || state.ro->ro_rt != NULL) {
517 flags &= ~IP_ROUTETOIF;
522 dst = (struct sockaddr_in *)state.dst;
524 /* mbuf is already reclaimed in ipsec4_output. */
534 printf("ip4_output (ipsec): error code %d\n", error);
537 /* don't show these error codes to the user */
544 /* be sure to update variables that are affected by ipsec4_output() */
545 ip = mtod(m, struct ip *);
547 hlen = IP_VHL_HL(ip->ip_vhl) << 2;
549 hlen = ip->ip_hl << 2;
551 if (ro->ro_rt == NULL) {
552 if ((flags & IP_ROUTETOIF) == 0) {
554 "can't update route after IPsec processing\n");
555 error = EHOSTUNREACH; /*XXX*/
560 ia = ifatoia(ro->ro_rt->rt_ifa);
561 ifp = ro->ro_rt->rt_ifp;
566 /* make it flipped, again. */
574 * - Xlate: translate packet's addr/port (NAT).
575 * - Firewall: deny/allow/etc.
576 * - Wrap: fake packet's addr/port <unimpl.>
577 * - Encapsulate: put it in another IP and send out. <unimp.>
582 if ((error = (*fr_checkp)(ip, hlen, ifp, 1, &m1)) || !m1)
584 ip = mtod(m = m1, struct ip *);
588 * Check with the firewall...
590 if (fw_enable && ip_fw_chk_ptr) {
591 struct sockaddr_in *old = dst;
593 off = (*ip_fw_chk_ptr)(&ip,
594 hlen, ifp, &divert_cookie, &m, &rule, &dst);
596 * On return we must do the following:
597 * IP_FW_PORT_DENY_FLAG -> drop the pkt (XXX new)
598 * 1<=off<= 0xffff -> DIVERT
599 * (off & IP_FW_PORT_DYNT_FLAG) -> send to a DUMMYNET pipe
600 * (off & IP_FW_PORT_TEE_FLAG) -> TEE the packet
601 * dst != old -> IPFIREWALL_FORWARD
602 * off==0, dst==old -> accept
603 * If some of the above modules is not compiled in, then
604 * we should't have to check the corresponding condition
605 * (because the ipfw control socket should not accept
606 * unsupported rules), but better play safe and drop
607 * packets in case of doubt.
609 if ( (off & IP_FW_PORT_DENY_FLAG) || m == NULL) {
615 ip = mtod(m, struct ip *);
616 if (off == 0 && dst == old) /* common case */
619 if ((off & IP_FW_PORT_DYNT_FLAG) != 0) {
621 * pass the pkt to dummynet. Need to include
622 * pipe number, m, ifp, ro, dst because these are
623 * not recomputed in the next pass.
624 * All other parameters have been already used and
625 * so they are not needed anymore.
626 * XXX note: if the ifp or ro entry are deleted
627 * while a pkt is in dummynet, we are in trouble!
629 error = dummynet_io(off & 0xffff, DN_TO_IP_OUT, m,
630 ifp,ro,dst,rule, flags);
635 if (off != 0 && (off & IP_FW_PORT_DYNT_FLAG) == 0) {
636 struct mbuf *clone = NULL;
638 /* Clone packet if we're doing a 'tee' */
639 if ((off & IP_FW_PORT_TEE_FLAG) != 0)
640 clone = m_dup(m, M_DONTWAIT);
644 * delayed checksums are not currently compatible
645 * with divert sockets.
647 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
649 m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
652 /* Restore packet header fields to original values */
656 /* Deliver packet to divert input routine */
657 ip_divert_cookie = divert_cookie;
658 divert_packet(m, 0, off & 0xffff);
660 /* If 'tee', continue with original packet */
663 ip = mtod(m, struct ip *);
670 #ifdef IPFIREWALL_FORWARD
671 /* Here we check dst to make sure it's directly reachable on the
672 * interface we previously thought it was.
673 * If it isn't (which may be likely in some situations) we have
674 * to re-route it (ie, find a route for the next-hop and the
675 * associated interface) and set them here. This is nested
676 * forwarding which in most cases is undesirable, except where
677 * such control is nigh impossible. So we do it here.
680 if (off == 0 && old != dst) {
681 struct in_ifaddr *ia;
683 /* It's changed... */
684 /* There must be a better way to do this next line... */
685 static struct route sro_fwd, *ro_fwd = &sro_fwd;
686 #ifdef IPFIREWALL_FORWARD_DEBUG
687 printf("IPFIREWALL_FORWARD: New dst ip: ");
688 print_ip(dst->sin_addr);
692 * We need to figure out if we have been forwarded
693 * to a local socket. If so then we should somehow
694 * "loop back" to ip_input, and get directed to the
695 * PCB as if we had received this packet. This is
696 * because it may be dificult to identify the packets
697 * you want to forward until they are being output
698 * and have selected an interface. (e.g. locally
699 * initiated packets) If we used the loopback inteface,
700 * we would not be able to control what happens
701 * as the packet runs through ip_input() as
702 * it is done through a ISR.
704 TAILQ_FOREACH(ia, &in_ifaddrhead, ia_link) {
706 * If the addr to forward to is one
707 * of ours, we pretend to
708 * be the destination for this packet.
710 if (IA_SIN(ia)->sin_addr.s_addr ==
711 dst->sin_addr.s_addr)
715 /* tell ip_input "dont filter" */
716 ip_fw_fwd_addr = dst;
717 if (m->m_pkthdr.rcvif == NULL)
718 m->m_pkthdr.rcvif = ifunit("lo0");
719 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
720 m->m_pkthdr.csum_flags |=
721 CSUM_DATA_VALID | CSUM_PSEUDO_HDR;
722 m0->m_pkthdr.csum_data = 0xffff;
724 m->m_pkthdr.csum_flags |=
725 CSUM_IP_CHECKED | CSUM_IP_VALID;
731 /* Some of the logic for this was
734 * This rewrites the cached route in a local PCB.
735 * Is this what we want to do?
737 bcopy(dst, &ro_fwd->ro_dst, sizeof(*dst));
740 rtalloc_ign(ro_fwd, RTF_PRCLONING);
742 if (ro_fwd->ro_rt == 0) {
743 ipstat.ips_noroute++;
744 error = EHOSTUNREACH;
748 ia = ifatoia(ro_fwd->ro_rt->rt_ifa);
749 ifp = ro_fwd->ro_rt->rt_ifp;
750 ro_fwd->ro_rt->rt_use++;
751 if (ro_fwd->ro_rt->rt_flags & RTF_GATEWAY)
752 dst = (struct sockaddr_in *)ro_fwd->ro_rt->rt_gateway;
753 if (ro_fwd->ro_rt->rt_flags & RTF_HOST)
755 (ro_fwd->ro_rt->rt_flags & RTF_BROADCAST);
757 isbroadcast = in_broadcast(dst->sin_addr, ifp);
759 ro->ro_rt = ro_fwd->ro_rt;
760 dst = (struct sockaddr_in *)&ro_fwd->ro_dst;
763 * If we added a default src ip earlier,
764 * which would have been gotten from the-then
765 * interface, do it again, from the new one.
768 ip->ip_src = IA_SIN(ia)->sin_addr;
771 #endif /* IPFIREWALL_FORWARD */
773 * if we get here, none of the above matches, and
774 * we have to drop the pkt
777 error = EACCES; /* not sure this is the right error msg */
782 m->m_pkthdr.csum_flags |= CSUM_IP;
783 sw_csum = m->m_pkthdr.csum_flags & ~ifp->if_hwassist;
784 if (sw_csum & CSUM_DELAY_DATA) {
786 sw_csum &= ~CSUM_DELAY_DATA;
788 m->m_pkthdr.csum_flags &= ifp->if_hwassist;
791 * If small enough for interface, or the interface will take
792 * care of the fragmentation for us, can just send directly.
794 if ((u_short)ip->ip_len <= ifp->if_mtu ||
795 ifp->if_hwassist & CSUM_FRAGMENT) {
799 if (sw_csum & CSUM_DELAY_IP) {
800 if (ip->ip_vhl == IP_VHL_BORING) {
801 ip->ip_sum = in_cksum_hdr(ip);
803 ip->ip_sum = in_cksum(m, hlen);
807 /* Record statistics for this interface address. */
808 if (!(flags & IP_FORWARDING) && ia != NULL) {
809 ia->ia_ifa.if_opackets++;
810 ia->ia_ifa.if_obytes += m->m_pkthdr.len;
814 /* clean ipsec history once it goes out of the node */
818 error = (*ifp->if_output)(ifp, m,
819 (struct sockaddr *)dst, ro->ro_rt);
823 * Too large for interface; fragment if possible.
824 * Must be able to put at least 8 bytes per fragment.
826 if (ip->ip_off & IP_DF) {
829 * This case can happen if the user changed the MTU
830 * of an interface after enabling IP on it. Because
831 * most netifs don't keep track of routes pointing to
832 * them, there is no way for one to update all its
833 * routes when the MTU is changed.
835 if ((ro->ro_rt->rt_flags & (RTF_UP | RTF_HOST))
836 && !(ro->ro_rt->rt_rmx.rmx_locks & RTV_MTU)
837 && (ro->ro_rt->rt_rmx.rmx_mtu > ifp->if_mtu)) {
838 ro->ro_rt->rt_rmx.rmx_mtu = ifp->if_mtu;
840 ipstat.ips_cantfrag++;
843 len = (ifp->if_mtu - hlen) &~ 7;
850 * if the interface will not calculate checksums on
851 * fragmented packets, then do it here.
853 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA &&
854 (ifp->if_hwassist & CSUM_IP_FRAGS) == 0) {
856 m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
860 int mhlen, firstlen = len;
861 struct mbuf **mnext = &m->m_nextpkt;
865 * Loop through length of segment after first fragment,
866 * make new header and copy data of each part and link onto chain.
869 mhlen = sizeof (struct ip);
870 for (off = hlen + len; off < (u_short)ip->ip_len; off += len) {
871 MGETHDR(m, M_DONTWAIT, MT_HEADER);
874 ipstat.ips_odropped++;
877 m->m_flags |= (m0->m_flags & M_MCAST) | M_FRAG;
878 m->m_data += max_linkhdr;
879 mhip = mtod(m, struct ip *);
881 if (hlen > sizeof (struct ip)) {
882 mhlen = ip_optcopy(ip, mhip) + sizeof (struct ip);
883 mhip->ip_vhl = IP_MAKE_VHL(IPVERSION, mhlen >> 2);
886 mhip->ip_off = ((off - hlen) >> 3) + (ip->ip_off & ~IP_MF);
887 if (ip->ip_off & IP_MF)
888 mhip->ip_off |= IP_MF;
889 if (off + len >= (u_short)ip->ip_len)
890 len = (u_short)ip->ip_len - off;
892 mhip->ip_off |= IP_MF;
893 mhip->ip_len = htons((u_short)(len + mhlen));
894 m->m_next = m_copy(m0, off, len);
895 if (m->m_next == 0) {
897 error = ENOBUFS; /* ??? */
898 ipstat.ips_odropped++;
901 m->m_pkthdr.len = mhlen + len;
902 m->m_pkthdr.rcvif = (struct ifnet *)0;
903 m->m_pkthdr.csum_flags = m0->m_pkthdr.csum_flags;
906 if (sw_csum & CSUM_DELAY_IP) {
907 if (mhip->ip_vhl == IP_VHL_BORING) {
908 mhip->ip_sum = in_cksum_hdr(mhip);
910 mhip->ip_sum = in_cksum(m, mhlen);
914 mnext = &m->m_nextpkt;
917 ipstat.ips_ofragments += nfrags;
919 /* set first/last markers for fragment chain */
920 m->m_flags |= M_LASTFRAG;
921 m0->m_flags |= M_FIRSTFRAG | M_FRAG;
922 m0->m_pkthdr.csum_data = nfrags;
925 * Update first fragment by trimming what's been copied out
926 * and updating header, then send each fragment (in order).
929 m_adj(m, hlen + firstlen - (u_short)ip->ip_len);
930 m->m_pkthdr.len = hlen + firstlen;
931 ip->ip_len = htons((u_short)m->m_pkthdr.len);
935 if (sw_csum & CSUM_DELAY_IP) {
936 if (ip->ip_vhl == IP_VHL_BORING) {
937 ip->ip_sum = in_cksum_hdr(ip);
939 ip->ip_sum = in_cksum(m, hlen);
943 for (m = m0; m; m = m0) {
947 /* clean ipsec history once it goes out of the node */
951 /* Record statistics for this interface address. */
953 ia->ia_ifa.if_opackets++;
954 ia->ia_ifa.if_obytes += m->m_pkthdr.len;
957 error = (*ifp->if_output)(ifp, m,
958 (struct sockaddr *)dst, ro->ro_rt);
964 ipstat.ips_fragmented++;
968 if (ro == &iproute && ro->ro_rt) {
973 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
974 printf("DP ip_output call free SP:%p\n", sp));
985 in_delayed_cksum(struct mbuf *m)
988 u_short csum, offset;
990 ip = mtod(m, struct ip *);
991 offset = IP_VHL_HL(ip->ip_vhl) << 2 ;
992 csum = in_cksum_skip(m, ip->ip_len, offset);
993 if (m->m_pkthdr.csum_flags & CSUM_UDP && csum == 0)
995 offset += m->m_pkthdr.csum_data; /* checksum offset */
997 if (offset + sizeof(u_short) > m->m_len) {
998 printf("delayed m_pullup, m->len: %d off: %d p: %d\n",
999 m->m_len, offset, ip->ip_p);
1002 * this shouldn't happen, but if it does, the
1003 * correct behavior may be to insert the checksum
1004 * in the existing chain instead of rearranging it.
1006 m = m_pullup(m, offset + sizeof(u_short));
1008 *(u_short *)(m->m_data + offset) = csum;
1012 * Insert IP options into preformed packet.
1013 * Adjust IP destination as required for IP source routing,
1014 * as indicated by a non-zero in_addr at the start of the options.
1016 * XXX This routine assumes that the packet has no options in place.
1018 static struct mbuf *
1019 ip_insertoptions(m, opt, phlen)
1020 register struct mbuf *m;
1024 register struct ipoption *p = mtod(opt, struct ipoption *);
1026 register struct ip *ip = mtod(m, struct ip *);
1029 optlen = opt->m_len - sizeof(p->ipopt_dst);
1030 if (optlen + (u_short)ip->ip_len > IP_MAXPACKET)
1031 return (m); /* XXX should fail */
1032 if (p->ipopt_dst.s_addr)
1033 ip->ip_dst = p->ipopt_dst;
1034 if (m->m_flags & M_EXT || m->m_data - optlen < m->m_pktdat) {
1035 MGETHDR(n, M_DONTWAIT, MT_HEADER);
1038 n->m_pkthdr.rcvif = (struct ifnet *)0;
1039 n->m_pkthdr.len = m->m_pkthdr.len + optlen;
1040 m->m_len -= sizeof(struct ip);
1041 m->m_data += sizeof(struct ip);
1044 m->m_len = optlen + sizeof(struct ip);
1045 m->m_data += max_linkhdr;
1046 (void)memcpy(mtod(m, void *), ip, sizeof(struct ip));
1048 m->m_data -= optlen;
1050 m->m_pkthdr.len += optlen;
1051 ovbcopy((caddr_t)ip, mtod(m, caddr_t), sizeof(struct ip));
1053 ip = mtod(m, struct ip *);
1054 bcopy(p->ipopt_list, ip + 1, optlen);
1055 *phlen = sizeof(struct ip) + optlen;
1056 ip->ip_vhl = IP_MAKE_VHL(IPVERSION, *phlen >> 2);
1057 ip->ip_len += optlen;
1062 * Copy options from ip to jp,
1063 * omitting those not copied during fragmentation.
1069 register u_char *cp, *dp;
1070 int opt, optlen, cnt;
1072 cp = (u_char *)(ip + 1);
1073 dp = (u_char *)(jp + 1);
1074 cnt = (IP_VHL_HL(ip->ip_vhl) << 2) - sizeof (struct ip);
1075 for (; cnt > 0; cnt -= optlen, cp += optlen) {
1077 if (opt == IPOPT_EOL)
1079 if (opt == IPOPT_NOP) {
1080 /* Preserve for IP mcast tunnel's LSRR alignment. */
1086 if (cnt < IPOPT_OLEN + sizeof(*cp))
1087 panic("malformed IPv4 option passed to ip_optcopy");
1089 optlen = cp[IPOPT_OLEN];
1091 if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt)
1092 panic("malformed IPv4 option passed to ip_optcopy");
1094 /* bogus lengths should have been caught by ip_dooptions */
1097 if (IPOPT_COPIED(opt)) {
1098 bcopy(cp, dp, optlen);
1102 for (optlen = dp - (u_char *)(jp+1); optlen & 0x3; optlen++)
1108 * IP socket option processing.
1111 ip_ctloutput(so, sopt)
1113 struct sockopt *sopt;
1115 struct inpcb *inp = sotoinpcb(so);
1119 if (sopt->sopt_level != IPPROTO_IP) {
1123 switch (sopt->sopt_dir) {
1125 switch (sopt->sopt_name) {
1132 if (sopt->sopt_valsize > MLEN) {
1136 MGET(m, sopt->sopt_p ? M_WAIT : M_DONTWAIT, MT_HEADER);
1141 m->m_len = sopt->sopt_valsize;
1142 error = sooptcopyin(sopt, mtod(m, char *), m->m_len,
1145 return (ip_pcbopts(sopt->sopt_name, &inp->inp_options,
1152 case IP_RECVRETOPTS:
1153 case IP_RECVDSTADDR:
1155 #if defined(NFAITH) && NFAITH > 0
1158 error = sooptcopyin(sopt, &optval, sizeof optval,
1163 switch (sopt->sopt_name) {
1165 inp->inp_ip_tos = optval;
1169 inp->inp_ip_ttl = optval;
1171 #define OPTSET(bit) \
1173 inp->inp_flags |= bit; \
1175 inp->inp_flags &= ~bit;
1178 OPTSET(INP_RECVOPTS);
1181 case IP_RECVRETOPTS:
1182 OPTSET(INP_RECVRETOPTS);
1185 case IP_RECVDSTADDR:
1186 OPTSET(INP_RECVDSTADDR);
1193 #if defined(NFAITH) && NFAITH > 0
1202 case IP_MULTICAST_IF:
1203 case IP_MULTICAST_VIF:
1204 case IP_MULTICAST_TTL:
1205 case IP_MULTICAST_LOOP:
1206 case IP_ADD_MEMBERSHIP:
1207 case IP_DROP_MEMBERSHIP:
1208 error = ip_setmoptions(sopt, &inp->inp_moptions);
1212 error = sooptcopyin(sopt, &optval, sizeof optval,
1218 case IP_PORTRANGE_DEFAULT:
1219 inp->inp_flags &= ~(INP_LOWPORT);
1220 inp->inp_flags &= ~(INP_HIGHPORT);
1223 case IP_PORTRANGE_HIGH:
1224 inp->inp_flags &= ~(INP_LOWPORT);
1225 inp->inp_flags |= INP_HIGHPORT;
1228 case IP_PORTRANGE_LOW:
1229 inp->inp_flags &= ~(INP_HIGHPORT);
1230 inp->inp_flags |= INP_LOWPORT;
1240 case IP_IPSEC_POLICY:
1248 if ((error = soopt_getm(sopt, &m)) != 0) /* XXX */
1250 if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */
1253 req = mtod(m, caddr_t);
1255 optname = sopt->sopt_name;
1256 error = ipsec4_set_policy(inp, optname, req, len, priv);
1263 error = ENOPROTOOPT;
1269 switch (sopt->sopt_name) {
1272 if (inp->inp_options)
1273 error = sooptcopyout(sopt,
1274 mtod(inp->inp_options,
1276 inp->inp_options->m_len);
1278 sopt->sopt_valsize = 0;
1284 case IP_RECVRETOPTS:
1285 case IP_RECVDSTADDR:
1288 #if defined(NFAITH) && NFAITH > 0
1291 switch (sopt->sopt_name) {
1294 optval = inp->inp_ip_tos;
1298 optval = inp->inp_ip_ttl;
1301 #define OPTBIT(bit) (inp->inp_flags & bit ? 1 : 0)
1304 optval = OPTBIT(INP_RECVOPTS);
1307 case IP_RECVRETOPTS:
1308 optval = OPTBIT(INP_RECVRETOPTS);
1311 case IP_RECVDSTADDR:
1312 optval = OPTBIT(INP_RECVDSTADDR);
1316 optval = OPTBIT(INP_RECVIF);
1320 if (inp->inp_flags & INP_HIGHPORT)
1321 optval = IP_PORTRANGE_HIGH;
1322 else if (inp->inp_flags & INP_LOWPORT)
1323 optval = IP_PORTRANGE_LOW;
1328 #if defined(NFAITH) && NFAITH > 0
1330 optval = OPTBIT(INP_FAITH);
1334 error = sooptcopyout(sopt, &optval, sizeof optval);
1337 case IP_MULTICAST_IF:
1338 case IP_MULTICAST_VIF:
1339 case IP_MULTICAST_TTL:
1340 case IP_MULTICAST_LOOP:
1341 case IP_ADD_MEMBERSHIP:
1342 case IP_DROP_MEMBERSHIP:
1343 error = ip_getmoptions(sopt, inp->inp_moptions);
1347 case IP_IPSEC_POLICY:
1349 struct mbuf *m = NULL;
1352 size_t ovalsize = sopt->sopt_valsize;
1353 caddr_t oval = (caddr_t)sopt->sopt_val;
1355 error = soopt_getm(sopt, &m); /* XXX */
1358 error = soopt_mcopyin(sopt, m); /* XXX */
1361 sopt->sopt_valsize = ovalsize;
1362 sopt->sopt_val = oval;
1365 req = mtod(m, caddr_t);
1368 error = ipsec4_get_policy(sotoinpcb(so), req, len, &m);
1370 error = soopt_mcopyout(sopt, m); /* XXX */
1378 error = ENOPROTOOPT;
1387 * Set up IP options in pcb for insertion in output packets.
1388 * Store in mbuf with pointer in pcbopt, adding pseudo-option
1389 * with destination address if source routed.
1392 ip_pcbopts(optname, pcbopt, m)
1394 struct mbuf **pcbopt;
1395 register struct mbuf *m;
1397 register int cnt, optlen;
1398 register u_char *cp;
1401 /* turn off any old options */
1403 (void)m_free(*pcbopt);
1405 if (m == (struct mbuf *)0 || m->m_len == 0) {
1407 * Only turning off any previous options.
1415 if (m->m_len % sizeof(int32_t))
1419 * IP first-hop destination address will be stored before
1420 * actual options; move other options back
1421 * and clear it when none present.
1423 if (m->m_data + m->m_len + sizeof(struct in_addr) >= &m->m_dat[MLEN])
1426 m->m_len += sizeof(struct in_addr);
1427 cp = mtod(m, u_char *) + sizeof(struct in_addr);
1428 ovbcopy(mtod(m, caddr_t), (caddr_t)cp, (unsigned)cnt);
1429 bzero(mtod(m, caddr_t), sizeof(struct in_addr));
1431 for (; cnt > 0; cnt -= optlen, cp += optlen) {
1432 opt = cp[IPOPT_OPTVAL];
1433 if (opt == IPOPT_EOL)
1435 if (opt == IPOPT_NOP)
1438 if (cnt < IPOPT_OLEN + sizeof(*cp))
1440 optlen = cp[IPOPT_OLEN];
1441 if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt)
1452 * user process specifies route as:
1454 * D must be our final destination (but we can't
1455 * check that since we may not have connected yet).
1456 * A is first hop destination, which doesn't appear in
1457 * actual IP option, but is stored before the options.
1459 if (optlen < IPOPT_MINOFF - 1 + sizeof(struct in_addr))
1461 m->m_len -= sizeof(struct in_addr);
1462 cnt -= sizeof(struct in_addr);
1463 optlen -= sizeof(struct in_addr);
1464 cp[IPOPT_OLEN] = optlen;
1466 * Move first hop before start of options.
1468 bcopy((caddr_t)&cp[IPOPT_OFFSET+1], mtod(m, caddr_t),
1469 sizeof(struct in_addr));
1471 * Then copy rest of options back
1472 * to close up the deleted entry.
1474 ovbcopy((caddr_t)(&cp[IPOPT_OFFSET+1] +
1475 sizeof(struct in_addr)),
1476 (caddr_t)&cp[IPOPT_OFFSET+1],
1477 (unsigned)cnt + sizeof(struct in_addr));
1481 if (m->m_len > MAX_IPOPTLEN + sizeof(struct in_addr))
1493 * The whole multicast option thing needs to be re-thought.
1494 * Several of these options are equally applicable to non-multicast
1495 * transmission, and one (IP_MULTICAST_TTL) totally duplicates a
1496 * standard option (IP_TTL).
1500 * following RFC1724 section 3.3, 0.0.0.0/8 is interpreted as interface index.
1502 static struct ifnet *
1503 ip_multicast_if(a, ifindexp)
1512 if (ntohl(a->s_addr) >> 24 == 0) {
1513 ifindex = ntohl(a->s_addr) & 0xffffff;
1514 if (ifindex < 0 || if_index < ifindex)
1516 ifp = ifindex2ifnet[ifindex];
1518 *ifindexp = ifindex;
1520 INADDR_TO_IFP(*a, ifp);
1526 * Set the IP multicast options in response to user setsockopt().
1529 ip_setmoptions(sopt, imop)
1530 struct sockopt *sopt;
1531 struct ip_moptions **imop;
1535 struct in_addr addr;
1536 struct ip_mreq mreq;
1538 struct ip_moptions *imo = *imop;
1540 struct sockaddr_in *dst;
1546 * No multicast option buffer attached to the pcb;
1547 * allocate one and initialize to default values.
1549 imo = (struct ip_moptions*)malloc(sizeof(*imo), M_IPMOPTS,
1555 imo->imo_multicast_ifp = NULL;
1556 imo->imo_multicast_addr.s_addr = INADDR_ANY;
1557 imo->imo_multicast_vif = -1;
1558 imo->imo_multicast_ttl = IP_DEFAULT_MULTICAST_TTL;
1559 imo->imo_multicast_loop = IP_DEFAULT_MULTICAST_LOOP;
1560 imo->imo_num_memberships = 0;
1563 switch (sopt->sopt_name) {
1564 /* store an index number for the vif you wanna use in the send */
1565 case IP_MULTICAST_VIF:
1566 if (legal_vif_num == 0) {
1570 error = sooptcopyin(sopt, &i, sizeof i, sizeof i);
1573 if (!legal_vif_num(i) && (i != -1)) {
1577 imo->imo_multicast_vif = i;
1580 case IP_MULTICAST_IF:
1582 * Select the interface for outgoing multicast packets.
1584 error = sooptcopyin(sopt, &addr, sizeof addr, sizeof addr);
1588 * INADDR_ANY is used to remove a previous selection.
1589 * When no interface is selected, a default one is
1590 * chosen every time a multicast packet is sent.
1592 if (addr.s_addr == INADDR_ANY) {
1593 imo->imo_multicast_ifp = NULL;
1597 * The selected interface is identified by its local
1598 * IP address. Find the interface and confirm that
1599 * it supports multicasting.
1602 ifp = ip_multicast_if(&addr, &ifindex);
1603 if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) {
1605 error = EADDRNOTAVAIL;
1608 imo->imo_multicast_ifp = ifp;
1610 imo->imo_multicast_addr = addr;
1612 imo->imo_multicast_addr.s_addr = INADDR_ANY;
1616 case IP_MULTICAST_TTL:
1618 * Set the IP time-to-live for outgoing multicast packets.
1619 * The original multicast API required a char argument,
1620 * which is inconsistent with the rest of the socket API.
1621 * We allow either a char or an int.
1623 if (sopt->sopt_valsize == 1) {
1625 error = sooptcopyin(sopt, &ttl, 1, 1);
1628 imo->imo_multicast_ttl = ttl;
1631 error = sooptcopyin(sopt, &ttl, sizeof ttl,
1638 imo->imo_multicast_ttl = ttl;
1642 case IP_MULTICAST_LOOP:
1644 * Set the loopback flag for outgoing multicast packets.
1645 * Must be zero or one. The original multicast API required a
1646 * char argument, which is inconsistent with the rest
1647 * of the socket API. We allow either a char or an int.
1649 if (sopt->sopt_valsize == 1) {
1651 error = sooptcopyin(sopt, &loop, 1, 1);
1654 imo->imo_multicast_loop = !!loop;
1657 error = sooptcopyin(sopt, &loop, sizeof loop,
1661 imo->imo_multicast_loop = !!loop;
1665 case IP_ADD_MEMBERSHIP:
1667 * Add a multicast group membership.
1668 * Group must be a valid IP multicast address.
1670 error = sooptcopyin(sopt, &mreq, sizeof mreq, sizeof mreq);
1674 if (!IN_MULTICAST(ntohl(mreq.imr_multiaddr.s_addr))) {
1680 * If no interface address was provided, use the interface of
1681 * the route to the given multicast address.
1683 if (mreq.imr_interface.s_addr == INADDR_ANY) {
1684 bzero((caddr_t)&ro, sizeof(ro));
1685 dst = (struct sockaddr_in *)&ro.ro_dst;
1686 dst->sin_len = sizeof(*dst);
1687 dst->sin_family = AF_INET;
1688 dst->sin_addr = mreq.imr_multiaddr;
1690 if (ro.ro_rt == NULL) {
1691 error = EADDRNOTAVAIL;
1695 ifp = ro.ro_rt->rt_ifp;
1699 ifp = ip_multicast_if(&mreq.imr_interface, NULL);
1703 * See if we found an interface, and confirm that it
1704 * supports multicast.
1706 if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) {
1707 error = EADDRNOTAVAIL;
1712 * See if the membership already exists or if all the
1713 * membership slots are full.
1715 for (i = 0; i < imo->imo_num_memberships; ++i) {
1716 if (imo->imo_membership[i]->inm_ifp == ifp &&
1717 imo->imo_membership[i]->inm_addr.s_addr
1718 == mreq.imr_multiaddr.s_addr)
1721 if (i < imo->imo_num_memberships) {
1726 if (i == IP_MAX_MEMBERSHIPS) {
1727 error = ETOOMANYREFS;
1732 * Everything looks good; add a new record to the multicast
1733 * address list for the given interface.
1735 if ((imo->imo_membership[i] =
1736 in_addmulti(&mreq.imr_multiaddr, ifp)) == NULL) {
1741 ++imo->imo_num_memberships;
1745 case IP_DROP_MEMBERSHIP:
1747 * Drop a multicast group membership.
1748 * Group must be a valid IP multicast address.
1750 error = sooptcopyin(sopt, &mreq, sizeof mreq, sizeof mreq);
1754 if (!IN_MULTICAST(ntohl(mreq.imr_multiaddr.s_addr))) {
1761 * If an interface address was specified, get a pointer
1762 * to its ifnet structure.
1764 if (mreq.imr_interface.s_addr == INADDR_ANY)
1767 ifp = ip_multicast_if(&mreq.imr_interface, NULL);
1769 error = EADDRNOTAVAIL;
1775 * Find the membership in the membership array.
1777 for (i = 0; i < imo->imo_num_memberships; ++i) {
1779 imo->imo_membership[i]->inm_ifp == ifp) &&
1780 imo->imo_membership[i]->inm_addr.s_addr ==
1781 mreq.imr_multiaddr.s_addr)
1784 if (i == imo->imo_num_memberships) {
1785 error = EADDRNOTAVAIL;
1790 * Give up the multicast address record to which the
1791 * membership points.
1793 in_delmulti(imo->imo_membership[i]);
1795 * Remove the gap in the membership array.
1797 for (++i; i < imo->imo_num_memberships; ++i)
1798 imo->imo_membership[i-1] = imo->imo_membership[i];
1799 --imo->imo_num_memberships;
1809 * If all options have default values, no need to keep the mbuf.
1811 if (imo->imo_multicast_ifp == NULL &&
1812 imo->imo_multicast_vif == -1 &&
1813 imo->imo_multicast_ttl == IP_DEFAULT_MULTICAST_TTL &&
1814 imo->imo_multicast_loop == IP_DEFAULT_MULTICAST_LOOP &&
1815 imo->imo_num_memberships == 0) {
1816 free(*imop, M_IPMOPTS);
1824 * Return the IP multicast options in response to user getsockopt().
1827 ip_getmoptions(sopt, imo)
1828 struct sockopt *sopt;
1829 register struct ip_moptions *imo;
1831 struct in_addr addr;
1832 struct in_ifaddr *ia;
1837 switch (sopt->sopt_name) {
1838 case IP_MULTICAST_VIF:
1840 optval = imo->imo_multicast_vif;
1843 error = sooptcopyout(sopt, &optval, sizeof optval);
1846 case IP_MULTICAST_IF:
1847 if (imo == NULL || imo->imo_multicast_ifp == NULL)
1848 addr.s_addr = INADDR_ANY;
1849 else if (imo->imo_multicast_addr.s_addr) {
1850 /* return the value user has set */
1851 addr = imo->imo_multicast_addr;
1853 IFP_TO_IA(imo->imo_multicast_ifp, ia);
1854 addr.s_addr = (ia == NULL) ? INADDR_ANY
1855 : IA_SIN(ia)->sin_addr.s_addr;
1857 error = sooptcopyout(sopt, &addr, sizeof addr);
1860 case IP_MULTICAST_TTL:
1862 optval = coptval = IP_DEFAULT_MULTICAST_TTL;
1864 optval = coptval = imo->imo_multicast_ttl;
1865 if (sopt->sopt_valsize == 1)
1866 error = sooptcopyout(sopt, &coptval, 1);
1868 error = sooptcopyout(sopt, &optval, sizeof optval);
1871 case IP_MULTICAST_LOOP:
1873 optval = coptval = IP_DEFAULT_MULTICAST_LOOP;
1875 optval = coptval = imo->imo_multicast_loop;
1876 if (sopt->sopt_valsize == 1)
1877 error = sooptcopyout(sopt, &coptval, 1);
1879 error = sooptcopyout(sopt, &optval, sizeof optval);
1883 error = ENOPROTOOPT;
1890 * Discard the IP multicast options.
1893 ip_freemoptions(imo)
1894 register struct ip_moptions *imo;
1899 for (i = 0; i < imo->imo_num_memberships; ++i)
1900 in_delmulti(imo->imo_membership[i]);
1901 free(imo, M_IPMOPTS);
1906 * Routine called from ip_output() to loop back a copy of an IP multicast
1907 * packet to the input queue of a specified interface. Note that this
1908 * calls the output routine of the loopback "driver", but with an interface
1909 * pointer that might NOT be a loopback interface -- evil, but easier than
1910 * replicating that code here.
1913 ip_mloopback(ifp, m, dst, hlen)
1915 register struct mbuf *m;
1916 register struct sockaddr_in *dst;
1919 register struct ip *ip;
1922 copym = m_copy(m, 0, M_COPYALL);
1923 if (copym != NULL && (copym->m_flags & M_EXT || copym->m_len < hlen))
1924 copym = m_pullup(copym, hlen);
1925 if (copym != NULL) {
1927 * We don't bother to fragment if the IP length is greater
1928 * than the interface's MTU. Can this possibly matter?
1930 ip = mtod(copym, struct ip *);
1934 if (ip->ip_vhl == IP_VHL_BORING) {
1935 ip->ip_sum = in_cksum_hdr(ip);
1937 ip->ip_sum = in_cksum(copym, hlen);
1941 * It's not clear whether there are any lingering
1942 * reentrancy problems in other areas which might
1943 * be exposed by using ip_input directly (in
1944 * particular, everything which modifies the packet
1945 * in-place). Yet another option is using the
1946 * protosw directly to deliver the looped back
1947 * packet. For the moment, we'll err on the side
1948 * of safety by using if_simloop().
1951 if (dst->sin_family != AF_INET) {
1952 printf("ip_mloopback: bad address family %d\n",
1954 dst->sin_family = AF_INET;
1959 copym->m_pkthdr.rcvif = ifp;
1962 /* if the checksum hasn't been computed, mark it as valid */
1963 if (copym->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
1964 copym->m_pkthdr.csum_flags |=
1965 CSUM_DATA_VALID | CSUM_PSEUDO_HDR;
1966 copym->m_pkthdr.csum_data = 0xffff;
1968 if_simloop(ifp, copym, dst->sin_family, 0);